RICHMOND (October 10, 2017) - Attorney General Mark R. Herring today joined a coalition with 36 other attorneys general to urge consumer reporting agencies Experian and TransUnion to immediately stop charging fees to consumers who want to put in place credit freezes on their accounts in light of the massive data breach at the consumer reporting agency Equifax.

Herring and the other attorneys general sent a letter today to the consumer reporting agencies (CRAs) urging them to stop charging fees for credit freezes and fees to lift or temporarily lift credit freezes on consumers' accounts. The Equifax data breach reported last month has so far affected over 145 million Americans, including 4.1 million Virginians. Seven states already ban or restrict such fees by the CRAs.

"In light of the enormous number of consumers whose data has been stolen across the county, including more than 4 million Virginians, we're asking Experian and TransUnion to step up and help consumers protect themselves by waiving the fees on credit freezes," Herring said. "It is the right thing to do, and is a small step to help millions of consumers protect themselves from harm which occurred through no fault of their own."

Currently, some of the CRAs are offering what they call a credit lock, which is similar to a credit freeze, but in some cases they also charge a monthly fee for the lock and combine it with other services, such as credit monitoring. In other cases, the CRAs offer a credit freeze free of charge, but the terms and conditions indicate that consumers' information will be shared with affiliates and third party marketers. The states said those conditions are unacceptable and the goal for consumers is to secure their data - not distribute it any further. Consumers should be able to receive the credit freezes provided for by law without fees and without being subjected to marketing from unknown third parties.

In addition to placing a credit freeze on all of your credit reports, here are some tips consumers can take to safeguard against identity theft:

Beware of potential phishing emails; don't open any email messages or attachments from unknown senders and do not click on any unknown links. Fraudsters will frequently send coercive and misleading emails threatening account suspension or worse if sensitive information is not provided. Remember, businesses will never ask customers to verify account information via email. If in doubt, contact the business in question directly for verification and to report phishing emails; and

Be on the lookout for spoofed email addresses. Spoofed email addresses are those that make minor changes in the domain name, frequently changing the letter O to the number zero, or the lowercase letter l to the number one. Scrutinize all incoming email addresses to ensure that the sender is truly legitimate.